package SV_AUTH_HASH_MIGHT;

public class Vulnerable {
    /**
     * Handles a GET request by hashing the caller-supplied {@code userName} parameter.
     *
     * <p>Deliberately vulnerable example: the request parameter is passed unchanged to
     * {@link #getMd5(String)}. The rest of the handler is elided in this listing.
     *
     * @param request  incoming request; its {@code userName} parameter is the taint source
     * @param response servlet response (not used in the visible lines)
     * @throws ServletException declared by the signature; not raised by the visible lines
     * @throws IOException      declared by the signature; not raised by the visible lines
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Source: untrusted, client-controlled input. getParameter() returns null when the
        // parameter is absent, and getMd5() dereferences its argument without a null check.
        String userName = request.getParameter("userName"); //Source
        // The tainted value reaches the digest as-is: nothing visible here validates it or
        // combines it with a salt before hashing.
        String md5 = getMd5(userName);
     ...
    }
    /**
     * Feeds {@code str} to an MD5 {@link MessageDigest}. The remainder of the body (the
     * catch clause for the {@code try} block and the return statement) is elided in this
     * listing, so the exact return format is not shown.
     *
     * <p>Deliberately vulnerable example carrying two findings, marked inline:
     * SV.WEAK.CRYPT on the algorithm choice and SV.AUTH.HASH.MIGHT on the digest call.
     *
     * <p>NOTE(review): if the result is stored or compared as a credential (as the
     * SV.AUTH.HASH label suggests; confirm against the caller), the usual remediation is a
     * salted, deliberately slow password-hashing function such as PBKDF2, bcrypt, scrypt or
     * Argon2, with a unique random salt per record generated by {@code SecureRandom}.
     *
     * @param str the text to hash; must not be null, since it is dereferenced without a check
     * @return not visible in this listing
     */
    public static String getMd5(String str)
    {
        try {
            // MD5 is a fast, collision-broken hash and is unsuitable for security purposes.
            MessageDigest md = MessageDigest.getInstance("MD5"); //SV.WEAK.CRYPT
            // Sink: the tainted input is the entire digest input, with no salt mixed in, so equal
            // inputs always yield equal hashes and precomputed lookup tables apply.
            // getBytes() without a charset uses the platform default before Java 18, so the
            // digest can differ between hosts; StandardCharsets.UTF_8 would pin it.
            byte[] messageDigest = md.digest(str.getBytes());   //SV.AUTH.HASH.MIGHT - Sink
            //...
        }

    }
